Consultant, Restoration and Remediation; Remote

Elkridge, Maryland, United States

Surefire Cyber is redefining the incident response model by delivering a swifter, stronger response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats. Our client-centric approach reduces stress and provides clients the confidence needed to prepare, respond, and recover from cyber incidents – and fortify their cyber resilience after an event.

Surefire Cyber’s approach and delivery are designed by industry veterans who have worked shoulder-to shoulder with law firms, insurance carriers, brokers, law enforcement, and impacted organizations in responding to cyber incidents. We are marshaling this experience to address the industry’s persistent challenges of efficiency, predictability, and transparency

Location:

Remote (USA)

Role:
Full time / Exempt

Compensation: $60k-$90k

You are a systems-savvy problem solver who thrives in fast-paced environments and brings hands-on experience restoring compromised systems and implementing remediation strategies. You’ve worked in roles like IT Engineer, System Administrator, or Cybersecurity Consultant, and now want to apply those skills in a high-stakes, incident response setting.

You’re comfortable collaborating with Digital Forensics and Incident Response (DFIR) teams, diagnosing problems quickly, and supporting clients with empathy and clear communication during urgent cyber events.

As a Consultant on the Restoration and Remediation (R&R) team, you’ll contribute technical expertise during active incidents — helping clients recover from ransomware, malware infections, and breaches. You’ll execute remediation tasks, restore systems, and collaborate with forensic analysts to support response efforts. Through meticulous remediation efforts and application of technical expertise, they’ll help clients regain operational stability and strengthen their defenses against future threats

• Support post-incident recovery efforts, collaborating with DFIR teams to assess the scope and impact of cyber incidents
• Participate in restoring compromised systems to a pre-incident state, including data recovery, system configuration, and hardening
• Assist in developing and executing tailored remediation plans based on technical, operational, and regulatory requirements
• Reimage, rebuild, and reconfigure endpoints, servers, and affected services such as Active Directory, Exchange, Group Policy, and VPN
• Use systems administration skills to restore and configure computing environments
• Troubleshoot network issues and assist in resolving infrastructure-level connectivity or access problems
• Contribute to the collection of digital artifacts and forensic evidence, supporting broader incident response
• Apply foundational knowledge to investigate and address malware infections, unauthorized access, and system integrity issues
• Implement endpoint protection and access control tools under supervision from senior R&R team members
• Document all actions taken in a clear, structured format, capturing technical findings, decisions made, and lessons learned
• Participate in after-hours (on-call/weekend rotational) support when needed to ensure 24/7 incident response coverage

• Bachelor's degree in IT, Cybersecurity, Computer Science, or equivalent experience in technical support or IT administration roles
• Foundational knowledge of Windows, Linux, and MacOS environments and their security features
• Experience with firewalls, VPNs, Active Directory, Group Policy, Exchange, and common endpoint security tools
• Understanding of cyber incident impact, attacker techniques, and indicators of compromise (IOCs)
• Strong technical troubleshooting skills and a proactive, team-first attitude
• Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders
• Ability to manage competing tasks, adapt quickly to changing scenarios, and contribute in high-pressure situations

Expertise in all these areas is not required ,…